By July 2027, the EU anti-money laundering framework will change in a way that goes beyond a routine legislative update.
If you’re discussing it now, the real question is priority. How much attention should this command today, and what should you already be doing or communicating?
The changes agreed in 2024 introduce a directly applicable Anti-Money Laundering Regulation (AMLR), a new Anti-Money Laundering Directive (AMLD6), and a new supervisor, the Anti-Money Laundering Authority (AMLA). The AMLR applies from 10 July 2027. Between now and then, AMLA will issue Regulatory Technical Standards and guidance that will shape much of the operational detail.
Despite some industry noise, this doesn’t need the same response from every firm. Your approach should reflect your size, footprint and risk profile.
If you’re likely to fall within the 40 entities directly supervised by AMLA, with a large EU footprint and significant cross-border activity, this warrants active management. A focused team should track the developing standards, compare them with your current framework, and stay close to the direction of travel.
If you’re a smaller, UK-focused firm, a full mobilisation is unlikely to be proportionate at this stage. This can remain within existing horizon scanning, with policy teams monitoring developments and escalating material impacts as the standards take shape through 2026 and into 2027.
Don’t dismiss this as irrelevant if you’re UK-based. If you have EU entities, AMLR applies to them, and the need for group consistency may also affect your wider framework.
Under the previous AML Directives, each Member State translated EU requirements into its own national law and issued local guidance. The result was variation in how rules were applied and supervised across countries.
AMLR changes that approach. As a regulation, it applies directly across Member States without national transposition. It will be supported by technical standards and guidance from AMLA, which will also directly supervise 40 higher-risk firms and oversee the wider EU framework.
The aim of this more centralised model is greater consistency in how rules are interpreted and enforced over time.
Much of the practical detail of how to implement AMLR will come through Regulatory Technical Standards to be developed over the next couple of years. AMLA is already consulting on drafts covering sanctions, customer due diligence, and how to define business relationships, linked transactions and thresholds. More standards will follow.
For regulated firms this creates a timing challenge. AMLR applies from 10 July 2027, and boards and supervisors will expect you to be ready. But some supervisory expectations will only become clear as the standards are finalised.
Waiting for perfect clarity won’t be acceptable, but at the same time, redesigning your entire AML framework before the detail arrives would be premature. The sensible approach is to track developments closely and assess impact as the standards evolve.
None of this means the rules are necessarily going to get simpler, at least in the short term.
Technical standards exist to remove ambiguity, but that’s also where firms exercise judgement within a risk-based approach. If early standards are detailed and prescriptive, firms used to more principles-based supervisory styles may experience a tightening of expectations.
We can make an educated guess about the likely drafting style. AMLA is building quickly and recruiting heavily. There’s a finite pool of deep AML regulatory expertise in Europe, and some will come from existing authorities. Early standards may reflect established EU supervisory approaches in tone and structure.
For MLROs and Heads of Financial Crime, if your core control architecture is robust today, it should remain directionally sound under AMLR.
There are, however, actions that warrant attention now.
First, brief your board. AMLR represents a shift in regulatory architecture and supervisory coordination. It doesn’t render your existing CDD, monitoring or governance framework obsolete, but boards should understand the likely areas of impact and the timeline.
Second, begin structured mapping of AMLR and draft Regulatory Technical Standards against your current framework. Focus on areas where harmonised standards are likely to test existing practice: CDD triggers and thresholds, beneficial ownership verification depth and evidence, documentation standards, and group policy alignment across EU entities. This isn’t a redesign exercise yet, but a disciplined impact assessment.
Third, track AMLA’s consultation programme actively. When draft standards evolve through consultation, the underlying policy direction rarely changes. Consultation tends to refine definitions, thresholds and practical application rather than core intent. For that reason, don’t wait until every standard is finalised. Policy changes, systems enhancements and training all take time, and early analysis will reduce the risk of compressed implementation.
Engaging, either directly or through industry bodies, will also help you understand supervisory thinking and give you an opportunity to influence how expectations are framed. It positions your organisation as constructive rather than reactive.
Handled early and calmly, the road to AMLR is manageable. Left late, it risks becoming another stressful delivery exercise under regulatory pressure.
.png)
